You have to make an exception or "hole" in your firewall. The normal TSM backup client data comes through on port 1500 (by default). So your firewall administrator has to put in the firewall config that "traffic to/from address xxx.yyy.zzz on port 1500 is allowed through".
It's a normal thing that a firewall administrator does. However, if your site has a NO HOLES security policy, then you're stuck and can't do it. Tivoli doesn't care whether you do it or not, as far as I know; it's a network routing issue. We do it with no problems, although we had to also config the firewall for a longer timeout value for that traffic. Sometimes there will be no traffic on the TCP/IP session for a while as the TSM client goes noodling around in it's filesystem to find things to back up, and the firewall will assume it's dead and try to terminate the session. If that happens, just allow it a longer timeout value. That's a non-network-person's explanation of what you have to do: I'm sure some of the network gurus here can give a more technically correct one! -----Original Message----- From: Kent Monthei [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 28, 2001 12:56 PM To: [EMAIL PROTECTED] Subject: Supporting TSM Clients residing outside the TSM Server's firewall This could be a key selling point for using TSM (versus NetBackup) to back up several servers that reside outside our firewall. Several quick questions on this subject: 1. Can it be done? 2. Does Tivoli support it? 3. Is extensive configuration of the firewall itself needed? 4. Is there a 'how-to' doc, redbook or other good reference source available? (I'm looking for an exec summary or good overview, not reams of tech documentation) Thanks, Kent Monthei GlaxoSmithKline
